[c-nsp] Modifying ACLs on production router

Roland Dobbins rdobbins at cisco.com
Mon Oct 6 03:51:29 EDT 2008


On Oct 6, 2008, at 3:28 PM, Grzegorz Janoszka wrote:

> So, configure the port not to send any icmp, not tcp rst packets and  
> you will not lose any connection.

As Lincoln Dale indicated in an earlier reply to this thread, this  
behavior is platform-/linecard-/train-/release-specific.

One technique I've used and seen used on some platforms is to  
'leapfrog' ACL names/numbers - i.e., editing an offline copy with a  
different name/number utilizing whatever scripts/tools one uses,  
copying the updated ACL to the box, then switching out the ACL that's  
applied to the interface (i.e., it rotates).

Again, this is very situationally dependent based upon the box/LC/code.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // +852.9133.2844 mobile

      History is a great teacher, but it also lies with impunity.

                    -- John Robb
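
The 'leapfrog' rotation described in the message above, as an added example that is not part of the original post: a small generator that builds the new ACL under an unused name and only then emits the interface swap. The `-vN` naming scheme, the interface name, and the sample entries are assumptions constructed for illustration; named extended ACLs in IOS syntax are assumed, and whether the swap is hitless remains platform-dependent, as the message says.

```python
import re

# Constructed sample entries (documentation address space), not from the thread.
SAMPLE_ENTRIES = [
    "remark edge inbound policy",
    "permit tcp any host 192.0.2.10 eq 443",
    "deny ip any any log",
]

def next_acl_name(current):
    """Leapfrog the name: EDGE-IN-v7 -> EDGE-IN-v8, EDGE-IN -> EDGE-IN-v2."""
    m = re.fullmatch(r"(.+)-v(\d+)", current)
    if m:
        return f"{m.group(1)}-v{int(m.group(2)) + 1}"
    return f"{current}-v2"

def leapfrog_config(current, interface, direction, entries, remove_old=False):
    """Return (new_name, config_lines) for rotating the ACL on one interface."""
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    entries = [e.strip() for e in entries if e.strip()]
    if not entries:
        raise ValueError("refusing to build an ACL with no entries")
    bad = [e for e in entries if e.split()[0] not in ("permit", "deny", "remark")]
    if bad:
        raise ValueError(f"unexpected ACL line: {bad[0]!r}")
    new = next_acl_name(current)
    # 1. Build the complete new ACL under the unused name; nothing references it yet.
    lines = [f"ip access-list extended {new}"] + [f" {e}" for e in entries] + ["exit"]
    # 2. Swap the interface over in one command; the old ACL stays defined for rollback.
    lines += [f"interface {interface}", f" ip access-group {new} {direction}", "exit"]
    # 3. Optionally delete the old ACL once the new one is verified.
    if remove_old:
        lines.append(f"no ip access-list extended {current}")
    return new, lines

if __name__ == "__main__":
    _, cfg = leapfrog_config("EDGE-IN-v7", "GigabitEthernet0/1", "in", SAMPLE_ENTRIES)
    print("\n".join(cfg))
```

Leaving `remove_old` off keeps the previous ACL on the box, so rolling back is a single `ip access-group` command pointing at the old name.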


